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I IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Application Serial No , 09/227,568 

Filing Date 1/08/99 

Inventorship England 

Applicant Microsoft Corporation 

Group Art Unit 2134 

Examiner : Callahan, Paul E. 

Attorney's Docket No MS1-282USC3 

Title: Key-Based Secure Storage 



PETITION TO WITHDRAW HOLDING OF ABANDONMENT UNDER 37 

CFR 1.181 



RECEIVED 



To : Commissioner of Patents and Trademarks 

P.O. Box 1450 FEB 0 6 2004 

Alexandria, V A 22313-1450 



Technology Center 2100 



From: Nathan R. Rieth (Tel. 509-324-9256; Fax 509-323-8979) 
Customer No. 22801 



Applicant received a Notice of Abandonment from the Office dated 
01/13/2004. The Office indicates in the Notice that Applicant failed to timely file a 
proper reply to the Office letter mailed on 6/18/2004. Applicant respectfully 
requests the Commissioner to withdraw the holding of abandonment on the basis that 
Applicant did timely file a proper reply to the Office letter mailed on 6/18/2004. 

Applicant submits "fierewltfi as evidence of "such reply, ah "Auto-Reply" 
Facsimile Transmission" document dated 07/30/2003. The "Auto-Reply Facsimile 
Transmission" document includes a copy of Applicant's Certificate of Transmission 
under 37 CFR 1.8, which indicates a Fee Transmittal and Response to Office Action 
dated 6/1 8/03 were transmitted with the Certificate. 
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Applicant further submits herewith, copies of the Certificate of Transmission 
under 37 CFR 1.8, the Fee Transmittal, and the Response To Office Action, each of 
which was filed on 7/30/2003. 

We believe that no petition fee is necessary in this case. 



Respectfully Submitted, 



Dated: ^A^/py By: /y^g^^OE^^ 

Nathan R. Rieth 
Reg. No. 44302 
(509)324-9256 
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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



Title: Key-Based Secure Storage 



RESPONSE TO OFFICE ACTION DATED JUNE 18. 2003 



Commissioner of Patents and Trademarks 
Washington, D.C. 20231 



From: Nathan R. Rieth (Tel. 509-324-9256; Fax 509-323-8979) 
Lee & Hayes, PLLC 
42 1 W. Riverside Avenue, Suite 500 
Spokane, WA 99201 



Application Serial No. 

Filing Date 

Inventorship 

Applicant... 

Group Art Unit 

Examiner 

Attorney's Docket No. 



09/227,568 

1/08/99 

England 

Microsoft Corporation 



2134 

Callahan, Paul E. 
...MS1-282USC3 
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INTRODUCTORY COMMENTS 

This communication is in response to the Office Action dated June 18, 
2003. Please amend the above-identified application in accordance with the 
directions set forth below. The format of this communication is in accordance 
with the Pre-OG press release titled "Amendments in a Revised Format Now 
Permitted" ("Revised Amendment Format"), as set forth in the News and Notices 
section of the official website of the United States Patent and Trademark Office 
(PTO). 
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AMENDMENTS TO THE CLAIMS 

Please amend the claims of the present application as set forth below. In 
accordance with the PTO's revised amendment format, a detailed listing of all 
claims is provided. A status identifier is provided for each claim in a parenthetical 
expression following each claim number. Changes to the claims are shown by 
strikethrough (for deleted matter) or underlining (for added matter). 

Claims 3, 4, 6-12, 15-22 and 25-30 were pending at the time of the Office 
Action. 

Claims 3, 4, 6-12, 15-22 and 25 are expressly allowed. 
Claims 26 and 28-30 are rejected. 
Claim 27 is objected to. 

Claims 27-30 are amended by the current response. 

Claim 26 is canceled by the current response. 

Accordingly, claims 3, 4, 6-12, 15-22, 25 and 27-30 remain pending. 

1 . (Previously Canceled) 

2. (Previously Canceled) 

3. (Previously Amended) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
generating a seed value; 
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producing a hash seed value based on the seed value using a one-way hash 
function; 

generating an application storage key from the hash seed value; 
encrypting the information using the application storage key; and 
associating the access predicate with the encrypted information. 

4. (Previously Amended) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
generating a seed value; 

producing a first hash seed value based on the seed value using a one-way 
hash function; 

producing a second hash seed value based on the seed value and a user 
identifier using a keyed hash function; 

generating a user storage key from the second hash seed value; 
encrypting the information using the user storage key; and 
associating the access predicate with the encrypted information. 

5. (Previously Canceled) 

6. (Previously Amended) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
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obtaining a storage key; 

encrypting the information using the storage key; 

associating the access predicate with the encrypted information; 

obtaining an operating system storage key; 

encrypting the access predicate with the operating system storage key; and 
encrypting a plurality of other storage keys using the operating system 

storage key, wherein the other storage keys are selected from the group consisting 

of application storage keys and user storage keys. 

7. (Previously Amended) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
obtaining a storage key; 

encrypting the information using the storage key; 

associating the access predicate with the encrypted information; 

generating a seed value; 

generating an operating system storage key based on the seed value; and 
encrypting the access predicate with the operating system storage key. 

8. (Previously Amended) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
generating a seed value for the application; 
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producing an application hash seed value based on the seed value for the 
application using an application-specific one-way hash function; 

generating an application storage key from the application hash seed value; 
generating a seed value for a user; 

producing a first user hash seed value based on the seed value for the user 
using a one-way hash function; 

producing a second user hash seed value based on the first user hash seed 
value and a user identifier using a keyed hash function; 

generating a user storage key from the second user hash seed value, the 
application storage key and the user storage key to encrypt information containing 
a portion specific to an application and a portion specific to the user, 

encrypting the information using the application storage key and the user 
storage key; and 

associating the access predicate with the encrypted information. 

9. (Previously Amended) A computerized method for key-based 
secure storage comprising: 

, downloading information and an access predicate that specifies 
requirements for an application to access the information; 
obtaining a storage key; 

encrypting the information using the storage key; 
associating the access predicate with the encrypted information; 
storing the storage key in a key vault provided by a third-party; and 
recovering the storage key from the key vault. 
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10. (Original) The computerized method of claim 9, wherein 
recovering the storage key comprises: 

requesting recovery of the storage key; and 

providing information to the third-party to enable validation of the request. 

11. (Previously Amended) The computerized method of claim 9, 
further comprising: 

selecting the key vault from a plurality of key vaults provided by a trusted 
operating system. 

12. (Previously Amended) The computerized method of claim 9, 
further comprising: 

selecting the key vault designated by a provider of the information. 

1 3 . (Previously Canceled) 

1 4. (Previously Canceled) 

1 5. (Previously Amended) A computer system comprising: 
a processing unit; 

a system memory coupled to the processing unit through a system bus; 
a computer-readable medium coupled to the processing unit through a 
system bus; 

a generate key function executed from the computer-readable medium by 
the processing unit, wherein the generate key function causes the processing unit 
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to generate an operating system storage key based on an identity for the operating 
system and based on a seed. 

16. (Previously Amended) A computer system comprising: 
a processing unit; 

a system memory coupled to the processing unit through a system bus; 
a computer-readable medium coupled to the processing unit through a 
system bus; 

a generate key function executed from the computer-readable medium by 
the processing unit, wherein the generate key function causes the processing unit 
to generate an operating system storage key based on an identity for the operating 
system; 

an application specific one-way hash function executed from the 
computer-readable medium by the processing unit, wherein the application 
specific one-way hash function causes the processing unit to generate an 
application storage key from a hashed seed; and 

a generate application key function executed from the computer-readable 
medium by the processing unit, wherein the generate application key function 
causes the processing unit to generate the hashed seed from an application seed. 

17, (Previously Amended) A computer system-comprising: 
a processing unit; 

a system memory coupled to the processing unit through a system bus; 
a computer-readable medium coupled to the processing unit through a 
system bus; 
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a generate key function executed from the computer-readable medium by 
the processing unit, wherein the generate key function causes the processing unit 
to generate an operating system storage key based on an identity for the operating 
system; , 

a key-hash function executed from the computer-readable medium by the 
processing unit, wherein the key-hash function causes the processing unit to 
generate a user storage key from a hashed seed and an identity for the user; 

a one-way hash function executed from the computer-readable medium by 
the processing unit, wherein the one-way hash function causes the processing unit 
to generate the hashed seed from a previously hashed seed; and 

a generate user key function executed from the computer-readable medium 
by the processing unit, wherein the generate user key function causes the 
processing unit to generate the previously hashed seed from a user seed. 

1 8. (Previously Amended) A computer system comprising: 
a processing unit; 

a system memory coupled to the processing unit through a system bus; 
a computer-readable medium coupled to the processing unit through a 
system bus; and 

a trusted operating system executed from the computer-readable medium by 
- the processing unit, wherein the trusted-operating- system causes -the-processing 
unit to encrypt downloaded information using a storage key based on a seed 
value. 
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.19. (Previously Amended) The computer system of claim 18, 
wherein the trusted operating system further causes the processing unit to encrypt 
an access predicate associated with the downloaded information using an 
operating system storage key^ to encrypt the seed value for the storage key using 
the operating system storage key, and to associate the encrypted access predicate 
with the encrypted seed value. 

20. (Previously Amended) The computer system of claim 19, 
wherein the trusted operating system further causes the processing unit to validate 
each application requesting access to the downloaded information using the access 
predicate, and decrypts the seed value for use by a validated application. 

21. (Previously Amended) The computer system of claim 18, 
wherein the storage key used to encrypt the downloaded information is specific to 
an application. 

22. (Previously Amended) The computer system of claim 18, 
wherein the storage key used to encrypt the downloaded information is specific to 
a user. 

23. (Previously Canceled) 

24. (Previously Canceled) 
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25. (Previously Added) A computerized method for key-based secure 
storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
obtaining a storage key; 

encrypting the information using the storage key; 
associating the access predicate with the encrypted information; 
storing the storage key in a key vault provided by a third-party; 
recovering the storage key from the key vault; and 

selecting the key vault from a plurality of key vaults provided by an 
authenticated operating system. 

26. (Currently Canceled) 

27. (Currently Amended) A computer system comprising: 
a processing unit: 

a system memory coupled to the processing unit through a system bus: 
a computer-readable medium coupled to the processing unit through a 
system bus: and 

an authenticated operating system configured to execute on the processing 
unit- from the- computer-readable medium, the authenticated opera ting- system 
causing the processing unit to encrypt downloaded informat ion using a storage key 
based on a seed value: 

The computer Gystom of claim 26, wherein the authenticated operating 
system further causes the processing unit to encrypt an access predicate associated 
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with the downloaded information using an operating system storage key, to 
encrypt the seed value for the storage key using the operating system storage key, 
and to associate the encrypted access predicate with the encrypted seed value. 

28. (Currently Amended) The computer system of claim 26 27, 
wherein the authenticated operating system further causes the processing unit to 
validate each application requesting access to the downloaded information using 
the access predicate, and decrypts the seed value for use by a validated 
application. 

29. (Currently Amended) The computer system of claim 26 22, 
wherein the storage key used to encrypt the downloaded information is specific to 
an application. 

30. (Currently Amended) The computer system of claim 26 27, 
wherein the storage key used to encrypt the downloaded information is specific to 
a user. 
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